y-

Accountin

Eleventh Edition

George HL Bodnar

Florida Atlantic University

PEARSON

Pearson Education International

Boston Columbia Indianapolis New York San Francisco Upper Saddle River AmsterdamCape Town Dubai London Madrid Milan Munich Paris Montreal Toronto Delhi Mexico City

Sao Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo

.

Contents

Preface xviiList of Acronyms xx

PART I Introduction to Accounting InformationSystems 1

Chapter 1 Accounting Information Systems: An Overview 1Accounting Information Systems and Business Organizations 1

Information and Decisions 1Users of Accounting Information 1Characteristics of Information 2

Information Systems 3Data Processing 3Management Information Systems 4Decision Support Systems 4Expert Systems 4Executive Information Systems 4Accounting Information Systems 4

Accounting Information Systems and Application

Architecture 5

Evolution of Applications Architecture 5Enterprise Resource Planning (ERP) 6

Business Processes 8Business Process Reference Models 8

The ERP Functional Model 9The Value Chain Model 9The Supply Chain Model 10The Operations Process Model 10The Transaction Cycle Model 10

Internal Control Process 12Elements of Internal Control Process 12Segregation of Accounting Functions 13Internal Audit Function 14

Accounting and Information Technology 15

The Information System Function 15Organizational Location 15Functional Specializations 16

End-User Computing 17Cloud Computing 17Quick-Response Technology 19

Lean Manufacturing 20Just-in-Time 20Web Commerce 21Electronic Data Interchange 21Extensible Business Reporting Language 21Electronic Payment Systems 22

The Accountant and Systems Development 23

The Nature of Systems Development 23Business Process Blueprinting 24Behavioral Considerations in Systems Development 25

CONTENTS

Green IT: Designing for Sustainability 25Energy Usage 25E-Waste 26

Summary 26 » Glossary 26 • Webliography 28 « Chapter Quiz 28 • ReviewQuestions 29 • Discussion Questions and Problems 29 o Web ResearchAssignments 33 « Answers to Chapter Quiz 34

Chapter 2 Systems Techniques and Documentation 35Users of Systems Techniques 35

Use of Systems Techniques in Auditing 35Internal Control Evaluation 35Compliance Testing 36Working Papers 36

Use of Systems Techniques in SystemsDevelopment 36

Systems Analysis 36Systems Design 36Systems Implementation 37

Use of Systems Techniques by Sarbanes-Oxley ActCompliance Participants 37

Systems Techniques 38Flowcharting Symbols 38Symbol Use in Flowcharting 41IPO and HIPO Charts 42Systems and Program Flowcharts 43Logical Data Flow Diagrams 43Logical Data Flow Diagrams and StructuredAnalysis 44Analytic, Document, and Forms Distribution Flowcharts 46Analytic Flowcharting Illustration 48

Planning the Flowchart 48Symbol Selection 48System Analysis 48Drawing the Flowchart 49Sandwich Rule 50Using the Connector Symbol 50Entity-Column Relations 50

Unified Modeling Language™ (UML®) 52Business Process Diagrams 54Narrative Techniques 60Resource Utilization Analysis 60

Work Measurement 61Work Distribution Analysis 62

Decision Analysis Techniques 62Branching and Decision Tables 62Matrix Methods 64

Software for Systems Techniques 64Microsoft Office® Applications 65Computer-Aided Software Engineering 65UML Modeling Tools 65BPMN Modeling Tools 65

Summary 65 o Glossary 67 • Webliography 67 » Chapter Quiz 68 « ReviewProblem 68 * Review Questions 69 » Discussion Questions and Problems 69 «Web Research Assignments 79 « Answers to Chapter Quiz 79

Vi CONTENTS

Chapter 3 eBusiness and eCommerce 80Introduction: Electronic Business and Electronic Commerce 80

The Internet 80Client and Servers 81

Types of Servers 81

eBusiness and Enterprise Architecture 83The Business Architecture 84The Data Architecture 85

Databases 85The Corporate Information Factory 86

The Applications Architecture 87ERP and EAS Architectures 88Service-Oriented Architecture 88Benefits of SOA 89Middleware 89

The Technical Architecture 90Enterprise Architecture Frameworks 91

Business Process Frameworks and Reference Models 91Value Chain Frameworks 91Supply Chain Frameworks 92

eBusiness Architectures 92Electronic Commerce Technologies 93

Electronic Payment Systems 93Digital Cash 93Virtual Cash 93Virtual Cash in Electronic Cards 93

The Internet Store 94Trust in eCommerce: Privacy, Business Practices, and Transaction Integrity 95

Summary 96 • Glossary 96 • Webliography 98 • Chapter Quiz 98 • ReviewQuestions 99 • Discussion Questions and Problems 99 • Web ResearchAssignments 102 • Answers to Chapter Quiz 102

Chapter 4 Transaction Processing and the Internal Control Process 103The Necessity for Controls 103

Enterprise Risk Management 103Controls and Exposures 104Common Exposures 104

Excessive Costs 104Deficient Revenues 105Loss of Assets 105Inaccurate Accounting 105Business Interruption 105Statutory Sanctions 105Competitive Disadvantage 105Fraud and Embezzlement 105

Fraud and White-Collar Crime 105Forensic Accounting 107Seriousness of Fraud 107

Control Objectives and Transaction Cycles 107Components of the Internal Control Process 108

External Influences Concerning an Entity and Internal Control 109The Sarbanes-Oxley Act 110

Compliance with Sox Section 404 111,

CONTENTS v i i

The Impact of the Business Environment on Internal Control 113Control Environment 113

Integrity and Ethical Values 113Commitment to Competence 115Management Philosophy and Operating Style 115Organizational Structure 116Functions of the Board of Directors and Its Committees 116Manner of Assigning Authority and Responsibility 117Human Resource Policies and Practices 118

Risk Assessment 119Control Activities 119

Segregation of Duties 119Adequate Documents and Records 120Restricted Access to Assets 120Independent Accountability Checks and Reviews of Performance 121Information Processing Controls 121

Information and Communication 122Documentation of the Accounting System 122Double-Entry System of Accounting 122Communication 123

Monitoring 123A Model for Monitoring 124

Transaction Processing Controls 124General Controls 124

The Plan of Data Processing Organization and Operation 125General Operating Procedures 125Equipment Control Features 126Equipment and Data-Access Controls 126

Application Controls 126Input Controls 126Processing Controls 128Output Controls 129

Preventative, Detective, and Corrective Controls 130Communicating the Objectives of Internal Control 130Goals and Behavior Patterns 131

Analysis of Internal Control Processes 133Analytic Techniques 133Internal Control and Compliance in Small Business and Small Public Companies. 135Illustration of an Internal Control Analysis 137

Summary 138 • Glossary 138 • Webliography 140 • Chapter Quiz 141 e° Review Problem 141 • Solution to Review,Problem 142 • Review

Questions 142 • Discussion Questions and Problems 142 • Web ResearchAssignments 149 • Answers to Chapter Quiz 149

Chapter 5 Fraud Examination and Fraud Management 150The Fraud Management Process 150

Fraud Prevention 151Fraud Detection 151

Optimal Fraud Detection Systems 153Fraud Investigation Process 153

The Fraud Engagement Process 154The Evidence Collection Process 156

Physical, Document, and Observation Evidence 158

V i i i CONTENTS

The Fraud Report 163Loss Recovery and Litigation 163Expert Testimony 164

Fraud Schemes 165Financial Statement Fraud 165

Who Commits Financial Statement Fraud and Why 166How to Prevent Financial Statement Fraud 167

Employee Fraud 167Revenue Cycle Fraud 168Expenditure Cycle Fraud 169Production Cycle Fraud 171

Vendor Fraud 171Computer Forensics 171

Evidence Gathering with Computers 172Preliminary Steps 172Collecting Computer-Related Evidence 172Pull the Plug 173Don't Pull the Plug 173Device Processing 174Content Investigation 174Deleted or Corrupted Data Recovery 174

Location Analysis 174Password Cracking 176Surreptitious User Monitoring and Reporting 176

Summary 177 ® Glossary 178 © Webliography 178 ® Chapter Quiz 179 •Review Problem 179 • Solution to Review Problem 179 • Review Questions 180Discussion Questions and Problems 180 ® Web Research Assignments 186 •Answers to Chapter Quiz 186

Chapter 6 Information Security 187An Overview of Information Security 187

The Information Security Management System Life Cycle 188International Standards for Information Security 188The Information Security System in the Organization 189Analyzing Vulnerabilities and Threats 189

Vulnerabilities and Threats 190The Seriousness of Information Systems Fraud 190Individuals Posing a Threat to the Information System 191

Computer and Information Systems Personnel 191Users 192 -Intruders and Hackers 192

Methods of Attack by Information Systems Personnel and Users 198Input Manipulation 198Program Alteration 199Direct File Alteration 199Data Theft 199Sabotage 200Misappropriation or Theft of Information Resources 200

The Information Security Management System 201The Control Environment 201

Management Philosophy and Operating Style 201Organizational Structure 201

CONTENTS i x

Board of Directors and Its Committees 201Methods of Assigning Authority and Responsibility 202Management Control Activities 202Internal Audit Function 202Personnel Policies and Practices 202External Influences 203

Controls for Active Threats 203Site-Access Controls 203System-Access Controls 205File-Access Controls 206

Controls for Passive Threats 207Fault-Tolerant Systems 207Correcting Faults: File Backups 207

Internet Security—Special System and Configuration Considerations 208Operating System Vulnerabilities 208Web Server Vulnerabilities 209Private Network Vulnerabilities 209Vulnerabilities from Various Server and Communications Programs 209Cloud Computing 210Grid Computing 210General Security Procedures 211

Disaster Risk Management 211Preventing Disasters 211Contingency Planning for Disasters 211

Assess the Company's Critical Needs 212List Priorities for Recovery 212Recovery Strategies and Procedures 212

Compliance Standards 213Information Security Standards 213Business Continuity Planning and Disaster Recovery Standards 214

Summary 215 o Glossary 215 o Webliography 217 © Chapter Quiz 217 ®Review Problem 218 * Solution to Review Problem 218 • Review Questions 218 •Discussion Questions ^and Problems 219 ® Web Research Assignments 2 2 6 ®Answers to Chapter Quiz 226

PART II Business Processes 227

Chapter 7 Electronic Data Processing Systems 227The Input System 227

Manual Input Systems 227Preparation and Completion of the Source Document 227Transfer of Source Documents to Data Processing 227

Electronic Input Systems 232The Processing System 233

Types of Files 233Generic File Processing Operations 234Batch-Processing Systems 234

Batch Processing with Sequential File Updating 235Batch Processing with Random-Access File Updating 241Illustration of Batch Processing with Random-AccessFile Updating 242

Real-Time Processing Systems 244

CONTENTS ix

Board of Directors and Its Committees 201

Methods of Assigning Authority and Responsibility 202

Management Control Activities 202

Internal Audit Function 202

Personnel Policies and Practices 202

External Influences 203

Controls for Active Threats 203

Site-Access Controls 203

System-Access Controls 205

File-Access Controls 206

Controls for Passive Threats 207Fault-Tolerant Systems 207

Correcting Faults: File Backups 207

Internet Security—Special System and Configuration Considerations 208

Operating System Vulnerabilities 208

Web Server Vulnerabilities 209

Private Network Vulnerabilities 209

Vulnerabilities from Various Server and Communications Programs 209

Cloud Computing 210

Grid Computing 210

General Security Procedures 211

Disaster Risk Management 211

Preventing Disasters 211

Contingency Planning for Disasters 211

Assess the Company's Critical Needs 212

List Priorities for Recovery 212

Recovery Strategies and Procedures 212

Compliance Standards 213

Information Security Standards 213

*, Business Continuity Planning and Disaster Recovery Standards 214

Summary 215 • Glossary 215 • Webliography 217 © Chapter Quiz 217 ®

Review Problem 218 o Solution to Review Problem 218 © Review Questions 218 •

Discussion Questions gnd Problems 219 ® Web Research Assignments 226 ®

Answers to Chapter Quiz 226

PART II Business Processes 227

Chapter 7 Electronic Data Processing Systems 227The Input System 227

Manual Input Systems 227

Preparation and Completion of the Source~Document 227

Transfer of Source Documents to Data Processing 227

Electronic Input Systems 232

The Processing System 233

Types of Files 233

Generic File Processing Operations 234

Batch-Processing Systems 234

Batch Processing with Sequential File Updating 235

Batch Processing with Random-Access File Updating 241

Illustration of Batch Processing with Random-Access

File Updating 242

Real-Time Processing Systems 244

CONTENTS

Real-Time Sales Systems 245Components of Extended Supply Chain Systems 246Transaction Processing in EDI-Based Sales Systems 249Special Internal Control Considerations 250

The Output System 251

Summary 251 • Glossary 252 • Webliography 252 • Chapter Quiz 252 •Review Problem 253 • Solution to Review Problem 253 • Review Questions 254Discussion Questions and Problems 254 • Web Research Assignments 264 •Answers to Chapter Quiz 264

Chapter 8 Revenue Cycle Processes 265Sales Business Process 265

Overview 265Inquiry 265Contract Creation 266Order Entry 266Shipping 267Billing 267

SAP ERP Illustration 268Customer Master Records 268Data Fields 269One-Time Customers 272

Standard Order Processing in SAP ERP 272Overview 272Creating a Sales Order 272Database Features 273

Transaction Cycle Controls in Order Processing 274Order Entry 274Credit 276Inventory 276Shipping 276Billing and Accounts Receivable 277General Ledger 277

Sarbanes-Oxley Compliance: Sales Business Process 278

Customer Account Management Business Process 279Accounts Receivable 279

Transaction Controls in the Accounts Receivable Business Process 280Separation of Functions 280

Cash Receipts 280Billing 280Accounts Receivable 281Credit 281General Ledger 282

Sales Returns and Allowances 282Write-Off of Accounts Receivable 282Sarbanes-Oxley Compliance: Accounts Receivable Business Process 283

Cash-Received-on-Account Business Process 284

Overview 284Mailroom 285Cash Receipts 285Accounts Receivable 286General Ledger 286Bank 287

CONTENTS X i

Internal Audit 287Summary 287

Lock-Box Collection Systems 288

Cash-Sales Business Process 289Summary 290 • Glossary 290 • Webliography 290 • Chapter Quiz 291 •Review Problem 291 • Solution to Review Problem 292 • Review Questions 292 •Discussion Questions and Problems 293 • Web Research Assignments 304 •Answers to Chapter Quiz 304

Chapter 9 Procurement and Human Resource Business Processes 305The Procurement Business Process 305

Overview 305Requirement Determination 306Selection of Source(s) 307Request for Quotation 307Selection of a Vendor 308Issuing of a Purchase Order 308Receipt of the Goods 309Invoice Verification 309Vendor Payment 310Master Records 310

Transaction Cycle Controls over Procurement 311- Requisitioning (Stores) 311

Purchasing 313Receiving 314Stores 315Accounts Payable 315Additional Control Features 315Integrity of the Procurement Business Process 317The Attribute Rating Approach to Vendor Selection 317

Sarbanes-Oxley Compliance: Procurement Business Process 317

Cash Disbursements Business Process 318Accounts Payable 318Cash Disbursements 319General Ledger 319Internal Audit 319Voucher Systems 319

Posting of Payables 320

Human Resource Management Business Process 321HR Processing in SAP ERP 322HR Data Structure 323

Master Data 323Data Organization 323HR Objects 324

Transaction Cycle Controls in Payroll Processing 324Personnel 324Timekeeping 324Payroll 326Other Controls in Payroll 326Sarbanes-Oxley Compliance: Payroll Business Process 326Payroll Processing Requirements 326

Xii CONTENTS

Summary 328 * Glossary 328 » Webliography 329 « Chapter Quiz 329 •Review Problem 330 « Solution to Review Problem 330 » Review Questions 332Discussion Questions and Problems 332 • Web Research Assignments 348 •Answers to Chapter Quiz 348

Chapter 10 The Production Business Process 349The Production Business Process 349

Production Planning and Control 349Cost Accounting Controls 351

Inventory Control 353Lean Production 354Property Accounting Applications 355

Fixed Assets 355Investments 356Internal Accounting Control Practices 356

Quick-Response Manufacturing Systems 357

Components of Quick-Response Manufacturing Systems 357The Physical Manufacturing System 357The Manufacturing Resource Planning (MRP II) System 359Advanced Integration Technologies 360

Transaction Processing in Quick-Response Manufacturing Systems 361Production Planning 361Production Scheduling 363Cost Accounting 364Reporting 365Activity-Based Costing 365MRP II versus MRP 368

. ERP, ERP II, and EAS 369Implementing Lean Production in an MRP II/CIM Environment 369

Special Internal Control Considerations 370Summary 371 • Glossary 371 • Webliography 372 • Chapter Quiz 372 «Review Problem 373 • Solution to Review Problem 373 • Review Questions 373Discussion Questions and Problems 374 e Web Research Assignments 380 •Answers to Chapter Quiz 380

PART III Systems Development 381

Chapter 11 Systems Planning, Analysis, and Design 381General Overview 381

Rigid Development 381Flexible Development 382

Overview of Systems Planning and Analysis 383

Systems Planning and Feasibility Analysis 384

Systems Planning and Top Management 385Steering Committee 385Developing Objectives and System Constraints 385Developing a Strategic Systems Plan 385Identifying Individual Projects for Priority 386Commissioning the Systems Project 386

The Steps in Systems Analysis 386

Phase 1: Survey Current System 386Objectives of Surveying 386

CONTENTS X i i i

Behavioral Considerations 387Sources for Gathering Facts 387Analysis of Survey Findings 388

Phase 2: Identify Information Needs 388Phase 3: Identify the Systems Requirements 389Phase 4: Develop a Systems Analysis Report 389

Fact-Gathering Techniques 390

Techniques for Organizing Facts 390

Structured Systems Analysis and Design 392

Logical Flow and Business Process Diagrams versus Flowcharts 392Systems Design versus Systems Analysis 392The Steps in Structured Systems Analysis 393

Develop Logical Data Flow Diagrams 393Define Data Dictionaries 393Define Access Methods 394Define Process Logic 394

Iterative Systems Development 395 .

Object-Oriented Design and Analysis 395Diagrams in Process Orientation versus Object Orientation 396

Overview of Systems Design 397

Steps in Systems Design 397

Evaluating Design Alternatives 398Enumeration of Design Alternatives 398Describing the Alternatives 400Evaluating the Alternatives 400

Preparing Design Specifications 400Preparing and Submitting the Systems Design Specifications 401Businesss Process Blueprinting 402

Resources-Events-Agent (REA) Model 402

General Design Considerations 403

Output Design 404Database Design 404Data Processing 404Data Input 404Controls and Security Measures 405 / l

Design Techniques 405

Forms Design 405Database Design 405Systems Design Packages 406Choosing Software and Hardware 406

Conventional Wisdom in Systems Development 408

Summary 409 ® Glossary 410 © Webliography 411 ® Chapter Quiz 412 ©Review Questions 413 ® Discussion Questions and Problems 414 ® Web ResearchAssignments 418 o Answers to Chapter Quiz 418

Chapter 12 Systems Project Management, Implementation,Operation, and Control 419Overview 419

Systems Implementation 419

Establishing Plans and Controls for Implementation 419

x i v CONTENTS

Executing Implementation Activities 422Employee Training 422Acquiring and Installing New Computer Equipment 423Detailed Systems Design 423

,, Documenting the New System 424File Conversion 424Test Operations 424

Evaluating the New System 425Planning and Organizing a Systems Project 425

Project Selection 425The Project Team 426

Project Leader Responsibilities 426Project Uncertainty 427

Project Breakdown into Tasks and Phases 427Time Estimates 428

Work Measurement Techniques 428Accuracy of Estimates 430

Project Accounting 431Operation of the System 431Level of Detail 432

The Project Development Environment 432The Project Collaboration Platform 432The Software Application Framework 432The Integrated Development Environment 434The Software Versioning System 434The Application Solution Stack 434

All-in-One and Integrated Platforms 435Control over Nonfinancial Information SystemsResources 435

1 Auditing the Information System 436

Maintaining and Modifying the System 436

Summary 437 • Glossary 437 • Webliography 437 • Chapter Quiz 438

Review Questions 439 • Discussion Questions and Problems 439 • Web Research

Assignments 440 • Answers to Chapter Quiz 440

PART IV Contemporary Information Systems Technology 441

Chapter 13 Data Management Concepts 441Introductory Terminology 441

Databases 441Basic Database Elements: Fields, Data Items, Attributes, and Elements 442Data Occurrences 442Fixed- and Variable-Length Records 442Record Key and File Sequence 445

Database Management Systems and Their Architecture 446Conceptual Architecture 446Database Architecture at the Logical Level: Logical Data Structures 448

Tree or Hierarchical Structures 448Network Structures 449Relational Data Structures 450

Database Architecture: The Physical Level 454Sequentially Accessed Files 454Indexed Files 455

CONTENTS XV

Directly Accessed Files 458

Economic Relations between File Organization Techniques 460

Physical Architecture, Hardware, and Response Time 461

Database Architecture and Database Development 462

Other Types of Logical Structures and Related Databases 463

OLAP 463

In-Memory Databases 463

Acid: Reliable Processing of Database Transactions 464

Database Management Systems and Databases in Practice 464Data Description Language (DDL) 464

Data Manipulation Language 464

Data Query Language 465

SQL Data Manipulation Language 466

Select Queries 466

Update, Insert, and Delete Queries 468

High-Level Query Languages 468

Reporting Solutions 469

Why Database Management Systems Are Needed 469

Data Independence 470

Security 470

Database Documentation and Administration 471

Summary 472 » Glossary 473 • Webliography 475 • Chapter Quiz 475 •

Review Problem 476 • Solution to Review Problem 476 • Review Questions 476

Discussion Questions and Problems 476 • Web Research Assignments 481 •

Answers to Chapter Quiz 481

Chapter 14 Auditing Information Technology 482Information Systems Auditing Concepts 482

Structure of a Financial Statement Audit 482

Auditing around the Computer 483

Auditing through the Computer 484

Auditing with the Computer 484

Risk-Based Auditing 485

Information Systems Auditing Technology 486Test Data 486

Integrated-Test-Facility Approach 488

Parallel Simulation 489

Audit Software 490

Generalized Audit Software (GAS) 490

Embedded Audit Routines 490

Extended Records 491

Snapshot 491

Tracing 492

Review-of-Systems Documentation 492

Control Flowcharting 492

Mapping 493

Types of Information Systems Audits 493General Approach to an Information Systems Audit 493

Information Systems Application Audits 494

Application Systems Development Audits 494

Computer Service Center Audits 495

Auditing Service-Oriented Architectures 495

xvi CONTENTS

IT Governance and COBIT 495COBIT 496

Navigation Diagram 496Maturity Models 498Management Guidelines 500

Performance Measurement 500

COBIT and Sarbanes-Oxley Compliance 501

Professional Certifications Relating to IT Governance 501

Summary 502 • Glossary 502 • Webliograpy 503 • Chapter Quiz 503 •Review Problem 504 • Solution to Review Problem 504 • Review Questions 505Discussion Questions and Problems 505 • Web Research Assignments 512 •Answers to Chapter Quiz 512

Index 513